<?php

    // check if input for sql accepted
    if(isset($_POST['loginname']) and isset($_POST['password']) and !preg_match('/[^0-9-_a-z]/i',$_POST['loginname'])) {
        global $md5_prefix;

        $password_md5 = md5($md5_prefix.$_POST['password']);
        unset($md5_prefix);

        $loginname = $_POST['loginname'];

        // check if user and password exists
        $res_check_user = execute_query("SELECT ID, language_ID  FROM %PRE%user WHERE loginname = '".$loginname."' and password = '".$password_md5."'",$MySQL_DB);
        if($check_user = $res_check_user->fetch_object()) {
            $_SESSION['userID'] = intval($check_user->ID);
            $_SESSION['languageID'] = $check_user->language_ID;

            if(isset($_POST['oldUrl'])) {
                $_SESSION['oldUrl'] = $_POST['oldUrl'];
            }

            header('location: index.php?site=login&success');
        }
        // user not found / wrong passoword
        else {
            $template_vars = array("message" => $indexModul->getText('failed_login'));
            echo $indexModul->getTemplate('warning_content',$template_vars);
        }

    }
    else {
        $template_vars = array("message" => $indexModul->getText('failed_login'));
        echo $indexModul->getTemplate('warning_content',$template_vars);
    }

?>